773 matches found
Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools
A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect. The vulnerability in question is CVE-2023-48788 CVSS score: 9.3, an SQL injection bu...
UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App
The Computer Emergency Response Team of Ukraine CERT-UA has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of...
The vulnerability of the Substance 3D Sampler software for creating textures and materials for 3D models allows a hacker to execute arbitrary code by causing an operation to go beyond the buffer boundaries in memory.
The vulnerability of the Substance 3D Sampler software for creating textures and materials for 3D models involves the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
Krispy Kreme Cyber Attack Disrupted Online Ordering in the US
SUMMARY Popular doughnut chain Krispy Kreme has become the latest victim of a cyber attack. The incident, which…...
ANY.RUN Sandbox Now Automates Interactive Analysis of Complex Cyber Attack Chains
Dubai, United Arab Emirates, 20th November 2024, CyberNewsWire...
NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta's Lawsuit
Legal documents released as part of an ongoing legal tussle between Meta's WhatsApp and NSO Group have revealed that the Israeli spyware vendor used multiple exploits targeting the messaging app to deliver Pegasus, including one even after it was sued by Meta for doing so. They also show that NSO...
New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics
Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its functionality, but also incorporates destructive capabilities to prevent the compromised device from booting up. "While the iOS implant delivery method closely mirror...
North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack
Threat actors linked to North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces , which...
CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities
The Computer Emergency Response Team of Ukraine CERT-UA has detailed a new malicious email campaign targeting government agencies, enterprises, and military entities. "The messages exploit the appeal of integrating popular services like Amazon or Microsoft and implementing a zero-trust...
Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain
The prolific Chinese nation-state actor known as APT41 aka Brass Typhoon, Earth Baku, Wicked Panda, or Winnti has been attributed to a sophisticated cyber attack targeting the gambling and gaming industry. "Over a period of at least six months, the attackers stealthily gathered valuable informati...
Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant
The Russian threat actor known as RomCom has been linked to a new wave of cyber attacks aimed at Ukrainian government agencies and unknown Polish entities since at least late 2023. The intrusions are characterized by the use of a variant of the RomCom RAT dubbed SingleCamper aka SnipBot or RomCom...
CISA is warning us (again) about the threat to critical infrastructure networks
Government-run water systems and other critical infrastructure are still at risk from state-sponsored actors, according to a renewed warning from the U.S. Cybersecurity and Infrastructure Security Agency. CISA released an advisory last week on the matter of days after a small water treatment...
New PondRAT Malware Hidden in Python Packages Targets Software Developers
Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign. PondRAT, according to new findings from Palo Alto Networks Unit 42, is assessed to be a lighter version of POOLRAT aka SIMPLESE...
FBI Shuts Down Chinese Botnet
The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives. Those devices were used to help infiltrate sensitive networks...
17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London
British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London TfL. "The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September," th...
NCA Arrests Teenager in Walsall Over TfL Cyber Attack
A recent National Crime Agency NCA investigation led to the arrest of a teenager in Walsall, England, linked…...
TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign
A previously undocumented threat actor with likely ties to Chinese-speaking groups has predominantly singled out drone manufacturers in Taiwan as part of a cyber attack campaign that commenced in 2024. Trend Micro is tracking the adversary under the moniker TIDRONE, stating the activity is...
Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore
Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco Talos. The program in question is a payload generation framework called MacroPack, which is used to generate Office documents, Visual Basic scripts, Windows...
New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm
The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber attack targeting an unnamed trading company based in China. The previously unreported malware is written in Golang, and thus is a cross-platform weapon capable of...
Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack
A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader aka WailingCrab loader by means of a search engine optimization SEO campaign. The malvertising activity, observed in June 2024, is a departure from previously observed tactics...